Java Keytool can be used to generate a certificate signing request file
using the "keytool -certreq" command.
A certificate signing request file contains the owner's public key
for the Certificate Authority (CA) to sign it into a certificate.

A CSR is intended to be sent to a certificate authority (CA). The CA will authenticate the certificate requestor (usually
off-line) and will return a certificate or certificate chain, used to replace the existing certificate chain (which initially
consists of a self-signed certificate) in the keystore.

The private key associated with alias is used to create the PKCS#10 certificate request. In order to access the private
key, the appropriate password must be provided, since private keys are protected in the keystore with a password. If keypass
is not provided at the command line, and is different from the password used to protect the integrity of the keystore, the
user is prompted for it. If dname is provided, it's used as the subject in the CSR. Otherwise, the X.500 Distinguished Name
associated with alias is used.

sigalg specifies the algorithm that should be used to sign the CSR.

The CSR is stored in the file certreq_file. If no file is given, the CSR is output to stdout.